Save common commands on this server to .useful file

Command line productivity takes many forms. Some people live by bash autocompletion. I disdained it when I first started using bash (coming from ksh93) but over time realized that it’s a fantastic method for discovery (it’s much more complete on Debian-based distros than Fedora-based ones) and ease of use when typing long pathnames.

When you manage a disparate set of systems, and there are some tasks you repeat often, you usually try to list history and find the useful commands. One of mine:

sudo /var/storage1/shares/public/www/example.com/repo/devuan-deb/update-devuan-deb.sh

But over time, I have many commands I log in for, just to run the one command, and log out. So I have started using a text file: ~/.useful. Inside this file, place your oneliners.

So whenever you log onto a box, and you need to see what commands you run here commonly, check what you’ve saved:

cat ~/.useful

Of course, it’s only useful if you bother to populate it.

echo 'vi $( newest /var/log/debmirror/ log )' >> ~/.useful

Update osc password for Open Build Service

After the Open Build Service’s effort to migrate to the new authentication system, I went ahead and just rotated my password.

adrianSuSE wrote 2 days ago: OBS has switched to the new authentification system: https://idp-portal-info.suse.com

Of course my osc commands started failing on the command line.

The man page for osc is a little obtuse. You have to omit the word “section” when changing the password.

osc config https://api.opensuse.org --change-password

And then osc will be back on track!

Hide debian-style motd

If you use Debian-family systems in a networked environment and log in through ssh, you might see this message a lot:

Linux d2-03a 5.5.0-2-amd64 #1 SMP Debian 5.5.17-1 (2020-04-15) x86_64

The programs included with the Devuan GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Devuan GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed May  6 19:12:04 2020 from 192.168.1.19

I finally decided to do something about this message that I see every time.
Find any lines in /etc/pam.d/sshd that are uncommented and that call pam_motd.so, and comment the line out.

sudo sed -i -r -e '/pam_motd.so/{/^#/!{s/^/#/;};}' /etc/pam.d/sshd

Turn dnf color off

Sometimes, color on the console is a good thing. Sometimes, it’s distracting.

I upgraded to Fedora 31, and was surprised to see colorized output for dnf, the web-aware package manager that wraps around rpm.

I was not in a mood to deal with different colors of package names. Yum/dnf already has great output (and apt does not) and needs no further improvement.

So to turn off the dnf color output, just set “color=never” in the “[main]” section of dnf.conf. For users of my bgscripts package from my stackrpms copr, use modconf.

sudo /usr/libexec/bgscripts/py/modconf.py -a /etc/dnf/dnf.conf -s 'main' set color never

Install build dependencies from source files, dpkg and rpm

For a dpkg

cd $packagedir ;
mk-build-deps
sudo apt-get install ./${package}-build-deps*.deb

Source: ubuntu – Given a debian source package – How do I install the build-deps? – Server Fault

For an rpm

yum-builddep my-package.spec

Or

dnf builddep my-package.spec

Source: fedora – Automatically install build dependencies prior to building an RPM package – Stack Overflow

Install CentOS 8 with kickstart and virt-install

This is a modification of my process for using virt-install to fully automate the install for CentOS/Fedora with kickstart.

Here is my kickstart file for CentOS 8. Only minor modifications were required. A few packages aren’t available yet, but I’ve stopped using them, and a few were renamed.

How I use this

I define a variable, and plug it into the important parts.

vm=c8-02a ; time sudo virt-install -n "${vm}" --memory 2048 \
   --vcpus=1 --os-variant=centos7.0 --accelerate -v \
   --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 \
   -l /mnt/public/Support/SetupsBig/Linux/CentOS-8-x86_64-1905-dvd1.iso \
   --initrd-inject=/mnt/public/Support/Platforms/CentOS8/centos8-ks.cfg \
   --extra-args "ks=file:/centos8-ks.cfg SERVERNAME=${vm} NOTIFYEMAIL=bgstack15@gmail.com net.ifnames=0 biosdevname=0" \
   --debug --network type=bridge,source=br0 --noautoconsole

Some thoughts

The repository URLs are a little different for CentOS 8, but once I had one built I could examine the URLs and correct my kickstart to use my local repos.

Dependencies

The kickstart file

# File: /mnt/public/Support/Platforms/CentOS8/centos8-ks.cfg
# Locations:
#    /mnt/public/Support/Platforms/CentOS8/centos8-ks.cfg
# Author: bgstack15
# Startdate: 2017-06-02
# Title: Kickstart for CentOS 8 for ipa.smith122.com
# Purpose: To provide an easy installation for VMs and other systems in the Mersey network
# History:
#    2017-06 I learned how to use kickstart files for the RHCSA EX-200 exam
#    2017-08-08 Added notifyemail to --extra-args
#    2017-10-29 major revision to use local repository
#
#
#
#
#    2019-09-24 fork for CentOS 8
# Usage with virt-install:
#    vm=c8-01a ; time sudo virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=centos7.0 --accelerate -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/Linux/CentOS-8-x86_64-1905-dvd1.iso --initrd-inject=/mnt/public/Support/Platforms/CentOS8/centos8-ks.cfg --extra-args "ks=file:/centos8-ks.cfg SERVERNAME=${vm} NOTIFYEMAIL=bgstack15@gmail.com net.ifnames=0 biosdevname=0" --debug --network type=bridge,source=br0 --noautoconsole
#    vm=c8-01a; sudo virsh destroy "${vm}"; sudo virsh undefine --remove-all-storage "${vm}";
# Reference:
#    https://sysadmin.compxtreme.ro/automatically-set-the-hostname-during-kickstart-installation/
#    /mnt/public/Support/Platforms/CentOS7/install-vm.txt

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --plaintext f0rg3tkickstart&
# my user
user --groups=wheel --name=bgstack15-local --password=$6$.gh9u7vg2HDJPPX/$g3X1l.q75fs7i0UKUt6h88bDIo1YSGGj/1DGeUzzbMTb0pBh4of6iNYWyxws/937qUiPgETqOsYFI5XNrkaUe. --iscrypted --gecos="bgstack15-local"

# System language
lang en_US.UTF-8
# Firewall configuration
firewall --enabled --ssh
# Reboot after installation
reboot
# Network information
#attempting to put it in the included ks file that accepts hostname from the virsh command.
#network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate
%include /tmp/network.ks
# System timezone
timezone America/New_York --utc
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use network installation instead of CDROM installation media
url --url="http://www.ipa.smith122.com/mirror/centos/8/BaseOS/x86_64/os"

# Use text mode install
text
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
skipx

# Use all local repositories
# Online repos
repo --name=smith122rpm --baseurl=http://www.ipa.smith122.com/smith122/repo/rpm/
repo --name=base --baseurl=https://www.ipa.smith122.com/mirror/centos/$releasever/BaseOS/$basearch/os/
repo --name=appstream --baseurl=https://www.ipa.smith122.com/mirror/centos/$releasever/AppStream/$basearch/os/
repo --name=extras --baseurl=https://www.ipa.smith122.com/mirror/centos/$releasever/extras/$basearch/os/
repo --name=powertools --baseurl=https://www.ipa.smith122.com/mirror/centos/$releasever/PowerTools/$basearch/os/
repo --name=epel --baseurl=https://www.ipa.smith122.com/mirror/fedora/epel/$releasever/Everything/$basearch

# Offline repos
#
#
#
#
#

firstboot --disabled

# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
autopart --type=lvm

%pre
echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname renameme.ipa.smith122.com" > /tmp/network.ks
for x in $( cat /proc/cmdline );
do
   case $x in
      SERVERNAME*)
         eval $x
         echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname ${SERVERNAME}.ipa.smith122.com" > /tmp/network.ks
         ;;
      NOTIFYEMAIL*)
         eval $x
         echo "${NOTIFYEMAIL}" > /mnt/sysroot/root/notifyemail.txt
         ;;
   esac
done
cp -p /run/install/repo/ca-ipa.smith122.com.crt /etc/pki/ca-trust/source/anchors/ 2>/dev/null || :
wget http://www.ipa.smith122.com/smith122/certs/ca-ipa.smith122.com.crt -O /etc/pki/ca-trust/source/anchors/ca-ipa.smith122-wget.com.crt || :
update-ca-trust || :
%end

%post
(
   # Set temporary hostname
   #hostnamectl set-hostname renameme.ipa.smith122.com;

   ifup eth0
   sed -i -r -e 's/ONBOOT=.*/ONBOOT=yes/;' /etc/sysconfig/network-scripts/ifcfg-e*

   # Get local mirror root ca certificate
   wget http://www.ipa.smith122.com/smith122/certs/ca-ipa.smith122.com.crt -O /etc/pki/ca-trust/source/anchors/ca-ipa.smith122.com.crt && update-ca-trust

   # Get local mirror repositories
   wget https://www.ipa.smith122.com/smith122/repo/rpm/smith122rpm.repo -O /etc/yum.repos.d/smith122rpm.repo;
   wget http://www.ipa.smith122.com/smith122/repo/rpm/smith122rpm.mirrorlist -O /etc/yum.repos.d/smith122rpm.mirrorlist
   distro=centos8 ; wget https://www.ipa.smith122.com/smith122/repo/mirror/smith122-bundle-${distro}.repo -O /etc/yum.repos.d/smith122-bundle-${distro}.repo && grep -oP "(?<=^\[).*(?=-smith122])" /etc/yum.repos.d/smith122-bundle-${distro}.repo | while read thisrepo; do yum-config-manager --disable "${thisrepo}"; done

   # NONE TO REMOVE dnf -y remove dnfdragora ;
   yum clean all ; yum update -y ;

   # Remove graphical boot and add serial console
   sed -i -r -e '/^GRUB_CMDLINE_LINUX=/{s/(\s*)(rhgb|quiet)\s*/\1/g;};' -e '/^GRUB_CMDLINE_LINUX=/{s/(\s*)\"$/ console=ttyS0 console=tty1\"/;}' /etc/default/grub
   grub2-mkconfig > /boot/grub2/grub.cfg

   # postfix is already started by default on centos8
   # Send IP address to myself
   thisip="$( ifconfig 2>/dev/null | awk '/Bcast|broadcast/{print $2}' | tr -cd '[^0-9\.\n]' | head -n1 )"
   {
      echo "${SERVER} has IP ${thisip}."
      echo "system finished kickstart at $( date "+%Y-%m-%d %T" )";
   } | /usr/share/bgscripts/send.sh -f "root@$( hostname --fqdn )" \
      -h -s "${SERVER} is ${thisip}" $( cat /root/notifyemail.txt 2>/dev/null )

   # No changes to graphical boot
   #

   # fix the mkhomedir problem
   systemctl enable oddjobd.service && systemctl start oddjobd.service

   # Personal customizations
   mkdir -p /mnt/bgstack15 /mnt/public
   su bgstack15-local -c "sudo /usr/share/bgconf/bgconf.py"

) >> /root/install.log 2>&1
%end

%packages
@core
@^minimal install
bc
bgconf
bgscripts-core
bind-utils
cifs-utils
cryptsetup
dosfstools
epel-release
expect
firewalld
git
iotop
ipa-client
-iwl*-firmware
mailx
man
mlocate
net-tools
nfs-utils
p7zip
parted
python3-policycoreutils
rpm-build
rsync
screen
strace
sysstat
tcpdump
telnet
vim
wget
yum-utils
%end

Run init script as SELinux type other than initrc_t

To run a custom init script as SELinux context other than initrc_t, you can use an SELinux policy that adds a new type for you to use.

# Filename: general-local.te
# License: CC-BY-SA 4.0
# Author: bgstack15
# Startdate: 2019-09-19 16:45
# Title: SELinux Policy for Custom Process Types from Init Scripts
# Purpose: SELinux policy to allow an init script to run a process as a selinux type other than initrc_t
# History:
# Usage:
#    When installed, you can run the following command to have the daemon process transition to type unconfined_t:
#    chcon -t 'local_initrc_exec_t' /etc/init.d/myscript
# Reference:
#    liberal use of tail -n45000 /var/log/audit/audit.log | audit2allow
#    https://selinuxproject.org/page/ObjectClassesPerms#filesystem
#    http://www.cse.psu.edu/~trj1/cse543-f07/slides/03-PolicyConcepts.pdf
#    http://www.billauer.co.il/selinux-policy-module-howto.html
#    https://fedoraproject.org/wiki/PackagingDrafts/SELinux#Creating_new_types
#    https://wiki.centos.org/HowTos/SELinux
#    https://bgstack15.wordpress.com/2018/02/13/logrotate-audit-log-selinux-cron-and-ansible/
# Improve:
# Documentation:
#    Change an init script to context local_initrc_exec_t and then the process will transition to unconfined_t which of course is insecure, but it satisfies the scan that is looking for daemons running as initrc_t.
module general-local 1.0;

require {
        type fs_t;
        type initrc_exec_t;
        type init_t;
        type unconfined_t;
        class file { append create entrypoint execmod execute execute_no_trans getattr ioctl link lock mounton open quotaon read relabelfrom relabelto rename setattr swapon unlink write };
        class filesystem associate;
        class process { unconfined transition };
        class service { start status };
}

type local_initrc_exec_t;
type_transition init_t local_initrc_exec_t:process unconfined_t ;

#============= init_t ==============
allow init_t local_initrc_exec_t:file *;
allow init_t unconfined_t:process transition;
#============= local_initrc_exec_t ==============
allow local_initrc_exec_t fs_t:filesystem associate;
#============= unconfined_t ==============
allow unconfined_t local_initrc_exec_t:file *;
allow unconfined_t local_initrc_exec_t:service { start status };

To compile and install this module, you can run the following oneliner.

checkmodule -M -m -o general-local.mod general-local.te && semodule_package -m general-local.mod -o general-local.pp && semodule -v -i general-local.pp

Should you run daemons as unconfined_t? Of course not. But it’s different than running it as initrc_t.
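
A check for the scan mentioned above that also reports unconfined_t, so that a daemon moved out of initrc_t by this module still shows up in review. This is an added example, not the author's code; flag_daemon_domains is a hypothetical helper name, the input is assumed to be the output of `ps -eo label,pid,tty,comm`, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag daemons whose SELinux type is initrc_t or unconfined_t.
# Reads lines in the format of `ps -eo label,pid,tty,comm` on stdin.

flag_daemon_domains() {
   awk '
      $1 == "LABEL" { next }               # skip the ps header line
      {
         n = split($1, ctx, ":")           # user:role:type:level[:categories]
         if (n < 3) next                   # not an SELinux context
         t = ctx[3]
         # daemons have no controlling terminal, which ps shows as "?"
         if ($3 == "?" && (t == "initrc_t" || t == "unconfined_t"))
            printf "%s pid=%s type=%s\n", $4, $2, t
      }'
}

# Constructed sample listing (not captured from a real host)
SAMPLE_PS='LABEL                             PID TT       COMMAND
system_u:system_r:init_t:s0         1 ?        systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 911 ?  sshd
system_u:system_r:initrc_t:s0    1201 ?        legacyd
system_u:system_r:unconfined_t:s0 1450 ?       myscript
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2200 pts/0 bash'

# On a live system: ps -eo label,pid,tty,comm | flag_daemon_domains
printf '%s\n' "${SAMPLE_PS}" | flag_daemon_domains
```

The interactive bash session is not reported because it has a controlling terminal; only the two terminal-less processes are.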

References

Weblinks

  1. ObjectClassesPerms – SELinux Wiki
  2. SELinux Policy Concepts and Overview: Security Policy Development Primer for Security Enhanced Linux
  3. Writing a targeted policy module for SELinux (howto tutorial slides)
  4. PackagingDrafts/SELinux – Fedora Project Wiki#Creating_new_types
  5. HowTos/SELinux – CentOS Wiki
  6. Logrotate, audit.log, selinux, cron, and ansible | Knowledge Base

 

Use virt-install to fully automate the install for Devuan with preseed

I recently discovered how to use a Debian preseed file while building a VM in kvm. After hand-crafting my Devuan preseed file, here it is in all my customized and I’m sure duplicate-filled and bogus-answer-encrusted glory.

How I use this

I define a variable, and plug it into the important parts.

vm=d2-04a ; time sudo virt-install -n "${vm}" --memory 2048 \
   --vcpus=1 --os-variant=debiantesting -v \
   --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 \
   -l /mnt/public/Support/SetupsBig/Linux/devuan_ascii_2.0.0-beta_amd64_DVD.iso \
   --initrd-inject=/mnt/public/Support/Platforms/devuan/preseed/preseed.cfg \
   --extra-args "hostname=${vm} NOTIFYEMAIL=bgstack15@gmail.com interface=auto" \
   --debug --network type=bridge,source=br0 --noautoconsole

Some thoughts

For some reason I was unable to get the preseed to work with the non-beta Ascii iso. When I started the preseed vm activity, I already had the beta disc so I was using it first before I downloaded the release disc, which didn’t even work. So I reverted to the beta disc. Please share any results, working or otherwise, you have when trying this with the release disc.
I do some tricky stuff in here with grub and the ceres release. Apparently consolekit messes with some of the files grub wants to lay down in /boot (having to do with locales), so I had to create this complex solution. I don’t even care that it’s “grub-legacy.” It seems a little simpler for a simpler time, and also works, so why bother doing anything different?

The preseed file

# File: /mnt/public/Support/Platforms/devuan/devuan-preseed1.txt
# Locations:
#    /mnt/public/Support/Platforms/devuan/devuan-preseed1.txt
# Author: bgstack15
# Startdate: 2019-06-25
# Title: Kickstart for CentOS 7 for ipa.smith122.com
# Purpose: To provide an easy installation for VMs and other systems in the Mersey network
# History:
#    2017-06 I learned how to use kickstart files for the RHCSA EX-200 exam
#    2017-08-08 Added notifyemail to --extra-args
#    2017-10-29 major revision to use local repository
#    2019-06-25 fork from centos7-ks.cfg
# Usage with virt-install:
#    vm=d2-04a ; time sudo virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=debiantesting -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/Linux/devuan_ascii_2.0.0-beta_amd64_DVD.iso --initrd-inject=/mnt/public/Support/Platforms/devuan/preseed/preseed.cfg --extra-args "hostname=${vm} NOTIFYEMAIL=bgstack15@gmail.com interface=auto" --debug --network type=bridge,source=br0 --noautoconsole
#    vm=d2-04a; sudo virsh destroy "${vm}"; sudo virsh undefine --remove-all-storage "${vm}";
# Reference:
#    https://sysadmin.compxtreme.ro/automatically-set-the-hostname-during-kickstart-installation/
#    /mnt/public/Support/Platforms/CentOS7/install-vm.txt
#    https://serverfault.com/questions/481244/preseed-command-string-fail-with-newline-character-using-virt-install-initrd-inj
#    https://www.debian.org/releases/stable/i386/apbs01.html.en
#    https://github.com/jameswthorne/preseeds/blob/master/debian-7-wheezy-unattended.seed
#    syntax for --location https://www.queryxchange.com/q/1_908324/virt-install-preseed-not-working/
#    example preseed https://www.debian.org/releases/stable/example-preseed.txt
#    skip next dvd question https://unix.stackexchange.com/questions/409212/preseed-directive-to-skip-another-cd-dvd-scanning
#    grub problem caused by consolekit:amd64 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915947#10
#    https://stackoverflow.com/questions/39861614/how-to-fully-automate-unattended-virt-install
#    https://www.debian.org/releases/stable/i386/apbs03.html.en
#    https://dev1galaxy.org/viewtopic.php?id=1853
#    https://www.cyberciti.biz/faq/howto-setup-serial-console-on-debian-linux/
# Improve:
#    discover how to send email, using postfix or sendmail. Don't care which, but exclude exim4.
#    echo "$( hostname ) has IP $( ip -4 -o a s eth0 | awk '{print $4}' | sed -r -e 's/\/.*$//' )" | 
#    add the kernel lines: console=ttyS0 console=tty1. Get this to work; tried manually but perhaps devuan doesn't use console the same way?

d-i debian-installer/country string US
d-i debian-installer/keymap select us
d-i debian-installer/language string en
d-i debian-installer/locale string en_US
d-i localechooser/supported-locales string en_US.UTF-8

d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string
d-i keyboard-configuration/xkb-keymap select us

d-i netcfg/disable_autoconfig boolean false
d-i netcfg/get_domain string ipa.smith122.com
d-i netcfg/wireless_wep string
# disable asking for non-free firmware, because this is a vm and has none
d-i hw-detect/load_firmware boolean false

#d-i apt-setup/enable-source-repositories boolean false
# ORIGINAL d-i apt-setup/services-select multiselect security updates, release updates, backported software
d-i apt-setup/contrib boolean true
d-i apt-setup/disable-cdrom-entries boolean true
d-i apt-setup/non-free boolean true
d-i apt-setup/use_mirror boolean true
d-i mirror/country string manual
d-i mirror/http/directory string /devuan
d-i mirror/http/hostname string deb.devuan.org
d-i mirror/http/proxy string
d-i mirror/protocol string http
d-i mirror/suite string testing

d-i apt-setup/cdrom/set-failed boolean false
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false

# my repos and ceres
d-i apt-setup/local0/comment string smith122deb
d-i apt-setup/local0/key string http://albion320.no-ip.biz/smith122/repo/deb/smith122deb.gpg
d-i apt-setup/local0/repository string http://albion320.no-ip.biz/smith122/repo/deb/ /
d-i apt-setup/local1/comment string devuan-deb
d-i apt-setup/local1/key string http://albion320.no-ip.biz/smith122/repo/deb/smith122deb.gpg
d-i apt-setup/local1/repository string http://albion320.no-ip.biz/smith122/repo/devuan-deb/ /
d-i apt-setup/local2/comment string ceres
d-i apt-setup/local2/key string https://pkgmaster.devuan.org/merged/dists/ceres/Release.gpg
d-i apt-setup/local2/repository string http://pkgmaster.devuan.org/merged ceres main contrib non-free
# if for some reason I really need to turn off the gpg key check:
#d-i debian-installer/allow_unauthenticated boolean false

tasksel tasksel/first multiselect standard, ssh-server

# adapted from /mnt/public/Support/Platforms/devuan/devuan.txt, main fluxbox desktop, but for a vm
# no xscreensaver, for a vm.
d-i pkgsel/include string \
   alsamixergui alttab apt-transport-https bgconf bgscripts bgscripts-core \
   cifs-utils curl fluxbox freeipa-client git grub lightdm lightdm-gtk-greeter \
   mlocate net-tools nfs-common ntpdate oddjob-mkhomedir=0.1-1 openssh-server \
   p7zip palemoon palemoon-ublock-origin parted qemu-guest-agent rsync scite \
   screen spice-vdagent strace sudo tcpdump vim vlc volumeicon-alsa waterfox \
   xfce4-terminal xfe xserver-xorg-video-qxl

d-i pkgsel/upgrade select none

popularity-contest popularity-contest/participate boolean true

d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string dns1.ipa.smith122.com
d-i time/zone string America/New_York

# skip grub during main part, because we will do it in late_command
d-i grub-installer/skip boolean true
# these next 2 are experimental
d-i grub-installer/skip-again boolean true
d-i grub-installer/skip-confirm boolean true
d-i grub-installer/confirm_skip boolean true
d-i nobootloader/confirmation_common boolean true

d-i lilo-installer/skip boolean true
#d-i grub-installer/with_other_os boolean true
#d-i grub-installer/only_debian boolean true
#d-i grub-installer/grub2_instead_of_grub_legacy boolean true
#d-i grub-installer/bootdev string /dev/vda
#d-i grub-installer/choose_bootdev select /dev/vda
#grub-installer grub-installer/force-efi-extra-removable boolean false

d-i passwd/root-password password somethingStrongHere
d-i passwd/root-password-again password somethingStrongHere

d-i partman-auto/choose_recipe select home
d-i partman-auto-crypto/erase_disks boolean false
d-i partman-auto/disk string /dev/vda
d-i partman-auto/init_automatically_partition select biggest_free
d-i partman-auto/method string lvm
d-i partman/choose_label string gpt
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm_write_new_label boolean true
d-i partman/default_label string gpt
#d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/confirm_nooverwrite boolean true
#d-i partman/mount_style select uuid
d-i partman-partitioning/confirm_write_new_label boolean true

# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386

d-i passwd/make-user boolean true
d-i passwd/user-fullname string bgstack15
d-i passwd/username string bgstack15
d-i passwd/user-password-crypted password $6$85aKM2DkiD5g9r3D$zkbcVES1Bzu.b5dBJxklSggEJzswZBlVAyc9LUUIzMA2OLRH2PD2ZWE9Q40Wtw/3OOxDM2nF031hfD4s5LGuG1
d-i passwd/user-default-groups string audio cdrom video

d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean true

# additional application stuff just in case it works and is useful
# LDAP server URI:
d-i shared/ldapns/ldap-server	string	ldapi:///ipa.smith122.com

d-i openssh-server/password-authentication	boolean	true
d-i openssh-server/permit-root-login	boolean	false

# Remove consolekit from ceres, which disrupts /boot/grub/local/*mo files, that grub-install wants.
d-i preseed/late_command string in-target apt-get purge -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" consolekit exim4\* ; \
   apt-get install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" postfix ; \
   in-target grub-install /dev/vda ; in-target update-grub ; \
   in-target wget http://albion320.no-ip.biz/smith122/certs/ca-ipa.smith122.com.crt -O /usr/local/share/ca-certificates/ca-ipa.smith122.com.crt && update-ca-certificates || : ; \
   in-target su bgstack15 -c "sudo /usr/bin/bgconf.py" 1>/root/clone.log 2>&1 ; \
   in-target sed -i -r -e '/^kernel/s/(\s*console=.{1,7}[0-9])*\s*$/ console=tty0 console=ttyS0/;' /boot/grub/menu.lst ; \
   in-target sed -i -r -e '$aT0:23:respawn:/sbin/getty -L ttyS0 9600 vt100' /etc/inittab

Use virt-install to fully automate the install for CentOS/Fedora with kickstart

Here is my kickstart file for CentOS 7. I deploy VMs into my kvm environment with a oneliner, using this kickstart file.

How I use this

I define a variable, and plug it into the important parts.

vm=c7-04a ; time sudo virt-install -n "${vm}" --memory 2048 \
   --vcpus=1 --os-variant=centos7.0 --accelerate -v \
   --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 \
   -l /mnt/public/Support/SetupsBig/Linux/CentOS-7-x86_64-Minimal-1810.iso \
   --initrd-inject=/mnt/public/Support/Platforms/CentOS7/centos7-ks.cfg \
   --extra-args "ks=file:/centos7-ks.cfg SERVERNAME=${vm} NOTIFYEMAIL=bgstack15@gmail.com" \
   --debug --network type=bridge,source=br0 --noautoconsole

Some thoughts

I had to download the 1810 release of the iso, because there was something wrong with the repos or perhaps files in the previous isos, with how they interacted with either the virtual environment or the network or something. But the CentOS-7-x86_64-minimal-1810.iso was important.
I found the SERVERNAME trick on the Internet. You can iterate over /proc/cmdline and react to values you find there, in the %pre or %post scripts.
You will see that I use my own local repositories for the regular CentOS repos, and I add my own internal one (smith122/repo/rpm). Obviously you should find a suitable set of repos for your own.
You will also see that I attempt to download my CA certificates at various points. I’m pretty sure the %pre effort fails, because the system is not on the network yet.
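
The /proc/cmdline technique described above, written without eval so that each token is handled as data, and with the hostname and notification address validated before they are used. This is an added example, not the author's code; cmdline_get, valid_label, valid_email and network_line are hypothetical helper names and the sample command line is constructed.

```shell
#!/bin/sh
# Added example: read KEY=value tokens from the kernel command line without eval.
LC_ALL=C ; export LC_ALL          # make the A-Z/a-z ranges below plain ASCII

# Print the value of the last exact KEY=value token.
# $1 = key, $2 = command line text (defaults to the contents of /proc/cmdline)
cmdline_get() {
   _key="$1"
   _line="${2:-$( cat /proc/cmdline 2>/dev/null || : )}"
   _val="" ; _found=1
   set -f                         # no glob expansion while word-splitting
   for _tok in ${_line}; do
      case "${_tok}" in
         "${_key}="*) _val="${_tok#*=}" ; _found=0 ;;
      esac
   done
   set +f
   [ "${_found}" -eq 0 ] && printf '%s\n' "${_val}"
   return "${_found}"
}

# RFC 1123 host label: 1-63 letters, digits or hyphens, no leading/trailing hyphen
valid_label() {
   case "$1" in
      ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
   esac
   [ "${#1}" -le 63 ]
}

# Conservative address check: one "@", a small character set, and no leading
# "-" so the value cannot be read as an option when passed to a mailer
valid_email() {
   case "$1" in
      *[!A-Za-z0-9@._+-]*|-*|*@*@*) return 1 ;;
      ?*@?*) return 0 ;;
   esac
   return 1
}

# Emit the kickstart network line; keep the placeholder hostname when
# SERVERNAME is missing or fails validation.
network_line() {
   _domain="ipa.smith122.com"     # domain used by the kickstart file on this page
   _host="renameme"
   if _name="$( cmdline_get SERVERNAME "${1:-}" )" && valid_label "${_name}"; then
      _host="${_name}"
   fi
   printf 'network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname %s.%s\n' \
      "${_host}" "${_domain}"
}

# Constructed sample command line (not captured from a real boot)
SAMPLE_CMDLINE='BOOT_IMAGE=vmlinuz ks=file:/centos7-ks.cfg SERVERNAME=c7-04a NOTIFYEMAIL=admin@example.com quiet'

network_line "${SAMPLE_CMDLINE}"
if _mail="$( cmdline_get NOTIFYEMAIL "${SAMPLE_CMDLINE}" )" && valid_email "${_mail}"; then
   printf 'notify: %s\n' "${_mail}"
fi
```

In a %pre script the call would be `network_line > /tmp/network.ks`, which reads /proc/cmdline because no text is passed in.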

Dependencies

The kickstart file

# File: /mnt/public/Support/Platforms/CentOS7/centos7-ks.cfg
# Locations:
#    /mnt/public/Support/Platforms/CentOS7/centos7-ks.cfg
# Author: bgstack15
# Startdate: 2017-06-02
# Title: Kickstart for CentOS 7 for ipa.smith122.com
# Purpose: To provide an easy installation for VMs and other systems in the Mersey network
# History:
#    2017-06 I learned how to use kickstart files for the RHCSA EX-200 exam
#    2017-08-08 Added notifyemail to --extra-args
#    2017-10-29 major revision to use local repository
#
#
#
#
# Usage with virt-install:
#    vm=c7-04a ; time sudo virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=centos7.0 --accelerate -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/Linux/CentOS-7-x86_64-Minimal-1810.iso --initrd-inject=/mnt/public/Support/Platforms/CentOS7/centos7-ks.cfg --extra-args "ks=file:/centos7-ks.cfg SERVERNAME=${vm} NOTIFYEMAIL=bgstack15@gmail.com" --debug --network type=bridge,source=br0 --noautoconsole
#    vm=c7-04a; sudo virsh destroy "${vm}"; sudo virsh undefine --remove-all-storage "${vm}";
# Reference:
#    https://sysadmin.compxtreme.ro/automatically-set-the-hostname-during-kickstart-installation/
#    /mnt/public/Support/Platforms/CentOS7/install-vm.txt

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --plaintext SOMETHINGSTRONGHERE
# my user
user --groups=wheel --name=bgstack15-local --password=$6$.gh0u7vg2HDPJPX/$g4Y1l.q76fs7i0UK8t6h83bDIo2YnGGj/1DGeUzzbMTd0pBh4of6jNYWxxws/937sUiPgETqPsYFI5XNrkAle. --iscrypted --gecos="bgstack15-local"

# System language
lang en_US.UTF-8
# Firewall configuration
firewall --enabled --ssh
# Reboot after installation
reboot
# Network information
#attempting to put it in the included ks file that accepts hostname from the virsh command.
#network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate
%include /tmp/network.ks
# System timezone
timezone America/New_York --utc
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use network installation instead of CDROM installation media
url --url="http://www.ipa.smith122.com/mirror/centos/7/os/x86_64/"

# Use text mode install
text
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
skipx

# Use all local repositories
# Online repos
repo --name=smith122rpm --baseurl=https://www.ipa.smith122.com/smith122/repo/rpm/
repo --name=base --baseurl=https://www.ipa.smith122.com/mirror/centos/$releasever/os/$basearch/
repo --name=updates --baseurl=https://www.ipa.smith122.com/mirror/centos/$releasever/updates/$basearch/
repo --name=extras --baseurl=https://www.ipa.smith122.com/mirror/centos/$releasever/extras/$basearch/
repo --name=epel --baseurl=https://www.ipa.smith122.com/mirror/fedora/epel/$releasever/$basearch

# Offline repos
#
#
#
#
#

firstboot --disabled

# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
autopart --type=lvm

%pre
echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname renameme.ipa.smith122.com" > /tmp/network.ks
for x in $( cat /proc/cmdline );
do
   case $x in
      SERVERNAME*)
         eval $x
         echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname ${SERVERNAME}.ipa.smith122.com" > /tmp/network.ks
         ;;
      NOTIFYEMAIL*)
         eval $x
         echo "${NOTIFYEMAIL}" > /mnt/sysroot/root/notifyemail.txt
         ;;
   esac
done
cp -p /run/install/repo/ca-ipa.smith122.com.crt /etc/pki/ca-trust/source/anchors/ 2>/dev/null || :
wget http://www.ipa.smith122.com/smith122/certs/ca-ipa.smith122.com.crt -O /etc/pki/ca-trust/source/anchors/ca-ipa.smith122-wget.com.crt || :
update-ca-trust || :
%end

%post
(
   # Set temporary hostname
   #hostnamectl set-hostname renameme.ipa.smith122.com;

   # Get local mirror root ca certificate
   wget http://www.ipa.smith122.com/smith122/certs/ca-ipa.smith122.com.crt -O /etc/pki/ca-trust/source/anchors/ca-ipa.smith122.com.crt && update-ca-trust

   # Get local mirror repositories
   wget https://www.ipa.smith122.com/smith122/repo/rpm/smith122rpm.repo -O /etc/yum.repos.d/smith122rpm.repo;
   wget http://www.ipa.smith122.com/smith122/repo/rpm/smith122rpm.mirrorlist -O /etc/yum.repos.d/smith122rpm.mirrorlist
   distro=centos7 ; wget https://www.ipa.smith122.com/smith122/repo/mirror/smith122-bundle-${distro}.repo -O /etc/yum.repos.d/smith122-bundle-${distro}.repo && grep -oP "(? /boot/grub2/grub.cfg

   # postfix is already started by default on centos7
   # Send IP address to myself
   thisip="$( ifconfig 2>/dev/null | awk '/Bcast|broadcast/{print $2}' | tr -cd '[^0-9\.\n]' | head -n1 )"
   {
      echo "${SERVER} has IP ${thisip}."
      echo "system finished kickstart at $( date "+%Y-%m-%d %T" )";
   } | /usr/share/bgscripts/send.sh -f "root@$( hostname --fqdn )" \
      -h -s "${SERVER} is ${thisip}" $( cat /root/notifyemail.txt 2>/dev/null )

   # No changes to graphical boot
   #

   # fix the mkhomedir problem
   systemctl enable oddjobd.service && systemctl start oddjobd.service

   # Personal customizations
   mkdir -p /mnt/bgstack15 /mnt/public
   su bgstack15-local -c "sudo /usr/share/bgconf/bgconf.py"

) >> /root/install.log 2>&1
%end

%packages
@core
@^minimal
autossh
bc
bgconf
bgscripts-core
bind-utils
cifs-utils
cryptsetup
dosfstools
epel-release
expect
firewalld
git
iotop
ipa-client
-iwl*-firmware
mailx
man
mlocate
net-tools
nfs-utils
ntp
p7zip
parted
policycoreutils-python
rpm-build
rsync
screen
strace
sysstat
tcpdump
telnet
vim
wget
yum-utils
%end